General
Target: T8hSRQ9v.bat
Size: 191B
Sample: 191216-gpkwcwghx2
MD5: f773c363fe378766f4649d3c4e14667c
SHA1: 44c9fed13edf783a27084d7d713b08b836efb0a9
SHA256: 860e1d41ffe08b8824745666ed8f193468561b25df91e56472a336b6c6307e0d
SHA512: a9021477d95a6a8d0c7c494c123b55cb112227296b19067c70ec52cff6c1b1748d3a43d5e7d1d819d57c5d384c80756aa4b0d390717892b7c6af1cd11e474fec
Task: task1
Sample: T8hSRQ9v.bat
Resource: win7v191014
Malware Config
Extracted: http://185.103.242.78/pastes/T8hSRQ9v
Extracted: C:\7l955-readme.txt
sodinokibi
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/8950C755793BD156
http://decryptor.top/8950C755793BD156
Targets
Sodin, Sodinokibi, REvil
Ransomware with advanced anti-analysis and privilege escalation functionality
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Program crash
- Checks for installed software on the system
- Discovering connected drives
- Checks system information in the registry (system information is often read in order to detect sandboxing environments)
- Drops file in System32 directory
- Sets desktop wallpaper using registry